CVE Vulnerabilities

CVE-2021-27183

Externally Controlled Reference to a Resource in Another Sphere

Published: Apr 14, 2021 | Modified: Apr 21, 2021
CVSS 3.x
7.2
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead to Remote Code Execution.

Weakness

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

Affected Software

Name Vendor Start Version End Version
Mdaemon Altn * *

References